Jump to content

[SOLVED] Introduction to File Upload!

Trium918

By Trium918
in PHP Coding Help

 Share

Recommended Posts

Trium918 Advanced Member

Trium918

Posted
  • Author
Posted

What am I missing? Need some guidance.

 

<?php

$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";

?>

 

This is the result that I am getting.

Possible file upload attack!
Here is some more debugging info:Array
(
    [userfile] => Array
        (
            [name] => logout.txt
            [type] => text/plain
            [tmp_name] => C:\WINDOWS\TEMP\php228.tmp
            [error] => 0
            [size] => 882
        )

)

marf Member

marf

Posted
Posted

hrm, typically how I did file upload (mind you this was some time ago) was using the copy(), and then unlink() functions.

 

Perhaps they are oldschool, but try this

 

<?php

$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

echo '<pre>';
if (copy($_FILES['userfile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    unlink($_FILES['userfile']['tmp_name'];
    echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";

?>

Lumio Member

Lumio

Posted
Posted

http://www.php.net/manual/features.file-upload.php

$_FILES['userfile']['name']

 

    The original name of the file on the client machine.

$_FILES['userfile']['type']

 

    The mime type of the file, if the browser provided this information. An example would be "image/gif". This mime type is however not checked on the PHP side and therefore don't take its value for granted.

$_FILES['userfile']['size']

 

    The size, in bytes, of the uploaded file.

$_FILES['userfile']['tmp_name']

 

    The temporary filename of the file in which the uploaded file was stored on the server.

$_FILES['userfile']['error']

 

    The error code associated with this file upload. This element was added in PHP 4.2.0

 

For example:

<?php
if(move_uploaded_file($_FILES['upload_file']['tmp_name'], "./my_dir/".$_FILES['upload_file']['name'])) {
	$size = intval($_FILES['upload_file']['size']);
	$sizes = array('Byte', 'KB', 'MB', 'GB', 'TB');
	$unit = 0;
	while ($size >= 1024) {
		if ($unit < (count($sizes)-1) ) {
			$size /= 1024;
			$unit++;
		}else
			break;
	}
	$size = round($size,2);
	echo $size.$sizes[$unit];
	echo 'Uploaded <i>'.$_FILES['upload_file']['name'].'</i>';
}else
	echo 'Error';
?>

Trium918 Advanced Member

Trium918

Posted
  • Author
Posted

http://www.php.net/manual/features.file-upload.php

$_FILES['userfile']['name']

 

    The original name of the file on the client machine.

$_FILES['userfile']['type']

 

    The mime type of the file, if the browser provided this information. An example would be "image/gif". This mime type is however not checked on the PHP side and therefore don't take its value for granted.

$_FILES['userfile']['size']

 

    The size, in bytes, of the uploaded file.

$_FILES['userfile']['tmp_name']

 

    The temporary filename of the file in which the uploaded file was stored on the server.

$_FILES['userfile']['error']

 

    The error code associated with this file upload. This element was added in PHP 4.2.0

 

For example:

<?php
if(move_uploaded_file($_FILES['upload_file']['tmp_name'], "./my_dir/".$_FILES['upload_file']['name'])) {
	$size = intval($_FILES['upload_file']['size']);
	$sizes = array('Byte', 'KB', 'MB', 'GB', 'TB');
	$unit = 0;
	while ($size >= 1024) {
		if ($unit < (count($sizes)-1) ) {
			$size /= 1024;
			$unit++;
		}else
			break;
	}
	$size = round($size,2);
	echo $size.$sizes[$unit];
	echo 'Uploaded <i>'.$_FILES['upload_file']['name'].'</i>';
}else
	echo 'Error';
?>

 

Thanks, Lumio! ['name'],['type'],['size'],['tmp_name'] are there like

properties of the $_FILES or will the script work if they were renamed?

Trium918 Advanced Member

Trium918

Posted
  • Author
Posted

Can anyone explain to me why this script is adding

the file upload to the picture that is being uploaded?

 

Example: $idir = "C:\Program Files\Apache Group\Apache2\htdocs\web\upload";

uploadpicture.pjpeg

 

I am trying to get it to go in the folder upload as picture.pjpeg

 

<?php
if($_POST['submit']) {
if(($_FILES["userfile"]["type"] == "image/gif") ||($_FILES["userfile"]["type"]== "image/pjpeg"))
{ 
if ($_FILES["userfile"]["error"] > 0)
{
   echo "Return Code: " . $_FILES["userfile"]["error"] . "<br />";
}
else{
  echo "Upload: " . $_FILES["userfile"]["name"] . "<br />";
  echo "Type: " . $_FILES["userfile"]["type"] . "<br />";
  echo "Size: " . ($_FILES["userfile"]["size"] / 1024) . " Kb<br />";
  echo "Stored in: " . $_FILES["userfile"]["tmp_name"];
}	
    # Path To Images Directory 
    $idir = "C:\Program Files\Apache Group\Apache2\htdocs\web\upload";   
if (file_exists("$idir" . $_FILES["userfile"]["name"]))
    {
      echo $_FILES["userfile"]["name"] . " already exists. ";
    }
    else{
      move_uploaded_file($_FILES["userfile"]["tmp_name"], "$idir" . $_FILES["userfile"]["name"]);
      echo "Stored in: " . "$idir" . $_FILES["userfile"]["name"];
    }
}
else {die("Invalid File");}
}
?>

Trium918 Advanced Member

Trium918

Posted
  • Author
Posted

I need some help debugging this please!

 

I the problem is this script. The entire script is

after the first code block.

<?php
// read photo
$TempFileName = $_FILES['userfile']['tmp_name']; // temporary file at server side
$TempFile = fopen($TempFileName, "are");
$BinaryPhoto = fread($TempFile, filesize($TempFileName));

// Try to read image
$OldErrorReporting = error_reporting(E_ALL & ~(E_WARNING)); // ingore warnings

//This is the line that is not allowing the page to excute.
$SourceImage = imagecreatefromstring($BinaryPhoto); // try to create image

error_reporting($OldErrorReporting);
?>

 

<?php
if($_POST['submit']) {

$PhotoFileName = $_FILES["userfile"]["name"]; // get client side file name

$FileNameParts = explode(".", $PhotoFileName);
$FileExtension = end($FileNameParts); // part behind last dot

if ($FileExtension != "jpg" && $FileExtension != "JPEG" && 
$FileExtension != "JPG"
&& $FileExtension != "gif"){ die ("Choose a JPG or GIF for the photo"); }
//else { echo "Thats it!";}

$PhotoSize = $_FILES['userfile']['size']; // size of uploaded file
if ($PhotoSize == 0){	
	die ("Sorry. The upload of $sPhotoFileName has failed.
			Search a photo smaller than 100K, using the button.");
}
if ($PhotoSize > 102400){	
	die ("Sorry. The file $sPhotoFileName is larger than 100K.
			Advice: reduce the photo using a drawing tool.");
}
// read photo
$TempFileName = $_FILES['userfile']['tmp_name']; // temporary file at server side
$TempFile = fopen($TempFileName, "are");
$BinaryPhoto = fread($TempFile, filesize($TempFileName));
}

// Try to read image
$OldErrorReporting = error_reporting(E_ALL & ~(E_WARNING)); // ingore warnings
$SourceImage = imagecreatefromstring( ,$BinaryPhoto); // try to create image
error_reporting($OldErrorReporting);

if (!$SourceImage){ // error, image is not a valid jpg 
	die ("Sorry. It was not possible to read photo $sPhotoFileName.
			Choose another photo in JPG format.");
}		
}
echo "Test Line";
?>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.